Secure identification of intranet network

US 9,143,510 B2
Filed: 12/04/2013
Issued: 09/22/2015
Est. Priority Date: 04/19/2007
Status: Active Grant

First Claim

Patent Images

1. A method performed on a particular computing device that includes at least one processor and memory and that is coupled to a network, the method comprising:

determining, by the particular computing device in communication with a domain controller coupled to the network, first information indicating whether or not the particular computing device is currently joined to a domain of the network that is controlled by the domain controller;

determining, by the particular computing device in communication with the domain controller coupled to the network and based on the first information indicating that the particular computing device is currently joined to the domain, second information indicating whether or not the particular computing device is currently authenticated by the domain controller;

determining, by the particular computing device in communication with the domain controller coupled to the network and based on the second information indicating that the particular computing device is not currently authenticated by the domain controller of the domain, whether or not the particular computing device was previously authenticated by the domain controller;

generating, by the particular computing device, a unique identifier of the network based on;

at least one high-entropy property of the network; and

at least one of the first information, the second information, or the third information; and

providing, by the particular computing device, the generated unique identifier of the network to a component on the particular computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for network identification based on high entropy data on a network which are not easily guessed or obtained outside the network, which can prevent an attacker from “spoofing” the network. A component in a client computer connected to a network may obtain over the network a network data block including device identification information of a device controlling the network. Upon parsing the network data block, such high entropy data as unique device identifiers may be obtained from the device identification information. Depending on availability of the unique device identifiers and authentication history of the client computer, different combinations of the unique device identifiers and/or other identification information may be used to generate a unique network identifier such as a network signature. The component may provide the network signature to applications within the client computer.

23 Citations

20 Claims

1. A method performed on a particular computing device that includes at least one processor and memory and that is coupled to a network, the method comprising:
- determining, by the particular computing device in communication with a domain controller coupled to the network, first information indicating whether or not the particular computing device is currently joined to a domain of the network that is controlled by the domain controller;
  
  determining, by the particular computing device in communication with the domain controller coupled to the network and based on the first information indicating that the particular computing device is currently joined to the domain, second information indicating whether or not the particular computing device is currently authenticated by the domain controller;
  
  determining, by the particular computing device in communication with the domain controller coupled to the network and based on the second information indicating that the particular computing device is not currently authenticated by the domain controller of the domain, whether or not the particular computing device was previously authenticated by the domain controller;
  
  generating, by the particular computing device, a unique identifier of the network based on;
  
  at least one high-entropy property of the network; and
  
  at least one of the first information, the second information, or the third information; and
  
  providing, by the particular computing device, the generated unique identifier of the network to a component on the particular computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 where the at least one high-entropy property is resistant to being guessed outside of the network.
  - 3. The method of claim 1 where the at least one high-entropy property is resistant to being obtained outside of the network.
  - 4. The method of claim 1 where the at least one high-entropy property comprises a globally unique identifier (“
    - GUID”
      
      ) of the domain.
  - 5. The method of claim 1 where the component is an application.
  - 6. The method of claim 1 where the component is an operating system.
  - 7. The method of claim 1 where the generated unique identifier is configured for uniquely identifying the network to the particular computing device.

8. At least one computer storage device comprising:
- memory that comprises computer-executable instructions that, based on execution by a particular computing device, configure the particular computing device to;
  
  determine, in communication with a domain controller coupled to the network, first information indicating whether or not the particular computing device is currently joined to a domain of the network that is controlled by the domain controller;
  
  determine, in communication with the domain controller coupled to the network and based on the first information indicating that the particular computing device is currently joined to the domain, second information indicating whether or not the particular computing device is currently authenticated by a domain controller;
  
  determine, in communication with the domain controller coupled to the network and based on the second information indicating that the particular computing device is not currently authenticated by the domain controller of the domain, whether or not the particular computing device was previously authenticated by the domain controller;
  
  generate a unique identifier of the network based on;
  
  at least one high-entropy property of the network; and
  
  at least one of the first information, the second information, or the third information; and
  
  provide the generated unique identifier of the network to a component on the particular computing device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The at least one computer storage device of claim 8 where the at least one high-entropy property is resistant to being guessed outside of the network.
  - 10. The at least one computer storage device of claim 8 where the at least one high-entropy property is resistant to being obtained outside of the network.
  - 11. The at least one computer storage device of claim 8 where the at least one high-entropy property comprises a globally unique identifier (“
    - GUID”
      
      ) of the domain.
  - 12. The at least one computer storage device of claim 8 where the component is an application.
  - 13. The at least one computer storage device of claim 8 where the component is an operating system.
  - 14. The at least one computer storage device of claim 8 where the generated unique identifier is configured for uniquely identifying the network to the computing device.

15. A system comprising:
- a particular computing device that includes at least one processor and memory;
  
  the particular computing device configured to determine, in communication with a domain controller coupled to the network, first information indicating whether or not the particular computing device is currently joined to a domain of the network that is controlled by the domain controller;
  
  the particular computing device configured to determine, in communication with the domain controller coupled to the network and based on the first information indicating that the particular computing device is currently joined to the domain, second information indicating whether or not the particular computing device is currently authenticated by the domain controller;
  
  the particular computing device configured to determine, in communication with the domain controller coupled to the network and based on the second information indicating that the particular computing device is not currently authenticated by the domain controller of the domain, whether or not the particular computing device was previously authenticated by the domain controller;
  
  a network location awareness component configured to generate, a unique identifier of the network based on;
  
  at least one high-entropy property of the network; and
  
  at least one of the first information, the second information, or the third information; and
  
  the particular computing device configured to provide the generated unique identifier of the network to a component on the particular computing device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15 where the at least one high-entropy property is resistant to being guessed outside of the network.
  - 17. The system of claim 15 where the at least one high-entropy property comprises a globally unique identifier (“
    - GUID”
      
      ) of the domain.
  - 18. The system of claim 15 where the generated unique identifier is configured for uniquely identifying the network to the computing device.
  - 19. The system of claim 15 where the at least one high-entropy property is resistant to being obtained outside of the network.
  - 20. The system of claim 15 where the component is an application or an operating system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Begorre, Bill, Brewis, Deon C.
Primary Examiner(s)
SHAW, BRIAN F

Application Number

US14/096,010
Publication Number

US 20140096211A1
Time in Patent Office

657 Days
Field of Search

726/6
US Class Current

1/1
CPC Class Codes

H04L 61/30   Managing network names, e.g...

H04L 63/0876   based on the identity of th...

H04L 63/126   the source of the received ...

H04L 63/1466   Active attacks involving in...

Secure identification of intranet network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure identification of intranet network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links